author | Andrew Bartlett <abartlet@samba.org> | 2001-10-31 01:52:34 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2001-10-31 01:52:34 +0000 |
commit | 2fc8e32ad342e3285e0d30a3a102e06ec4af5199 (patch) | |
tree | 201cb208c4914214860575ffb07b2a50c9f678c7 | |
parent | 1f829e19eb3b81ad1c4451fe9a90617e6cee7dd7 (diff) | |
Paranoia to ensure people don't install libsmb based programs setuid root.
libsmb has not been written to be setuid, with things like LIBSMB_PROG allowing
all sorts of fun and games.
Andrew Bartlett
(This used to be commit 0c8e9339d8238de92e9146d04091694b62874c33)
-rw-r--r-- | source3/lib/util_sec.c | 8 | ||||
-rw-r--r-- | source3/libsmb/clientgen.c | 6 | ||||
-rw-r--r-- | source3/utils/smbpasswd.c | 2 |
3 files changed, 15 insertions, 1 deletions
diff --git a/source3/lib/util_sec.c b/source3/lib/util_sec.c
index a07e7d0e1a..c559647bf4 100644
--- a/source3/lib/util_sec.c
+++ b/source3/lib/util_sec.c
@@ -413,3 +413,11 @@ main()
 exit(0);
 }
 #endif
+
+/****************************************************************************
+Check if we are setuid root. Used in libsmb and smbpasswd parinoia checks.
+****************************************************************************/
+BOOL is_setuid_root(void)
+{
+ return (geteuid() == (uid_t)0) && (getuid() != (uid_t)0);
+}
diff --git a/source3/libsmb/clientgen.c b/source3/libsmb/clientgen.c
index ec8d2e2bfc..d509924a26 100644
--- a/source3/libsmb/clientgen.c
+++ b/source3/libsmb/clientgen.c
@@ -154,6 +154,12 @@ struct cli_state *cli_initialise(struct cli_state *cli)
 {
 BOOL alloced_cli = False;
+ /* Check the effective uid - make sure we are not setuid */
+ if (is_setuid_root()) {
+ DEBUG(0,("libsmb based programs must *NOT* be setuid root.\n"));
+ return NULL;
+ }
+
 if (!cli) {
 cli = (struct cli_state *)malloc(sizeof(*cli));
 if (!cli)
diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c
index 6a330812e1..ee8bae7a4a 100644
--- a/source3/utils/smbpasswd.c
+++ b/source3/utils/smbpasswd.c
@@ -933,7 +933,7 @@ int main(int argc, char **argv)
 strupper(global_myname);
 /* Check the effective uid - make sure we are not setuid */
- if ((geteuid() == (uid_t)0) && (getuid() != (uid_t)0)) {
+ if (is_setuid_root()) {
 fprintf(stderr, "smbpasswd must *NOT* be setuid root.\n");
 exit(1);
 } |
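Review bot: `is_setuid_root()` in source3/lib/util_sec.c only compares `geteuid()` with `getuid()`, so it returns false for a setgid install, for a binary that is setuid to a non-root account, and for a setuid-root wrapper that has already set its real uid to 0 before calling in. If those cases are deliberately out of scope, the header comment should say so, e.g. `Only detects euid 0 with a non-zero real uid; setgid installs and already-elevated callers are not caught.`; otherwise the test could also compare `getegid()` with `getgid()`. The function is placed after the `#endif` that closes the test `main()`, so it is compiled in that build mode too; whether `BOOL` is declared there is not visible in this hunk.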
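Review bot: In `cli_initialise()` the new guard returns NULL and reports the reason only through `DEBUG(0, ...)`, so a caller cannot tell a refused setuid-root start from the allocation failure handled just below it, which presumably also yields NULL. The function comment should record this, for example `Returns NULL if the process is running setuid root (see is_setuid_root()) or if allocation fails.` The body of `cli_initialise()` continues past the end of the hunk, so the exact return on the `malloc` failure path is inferred rather than shown.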
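Review bot: The setuid check in smbpasswd's `main()` still sits after `strupper(global_myname)`, so whatever initialisation precedes it (not visible in this hunk) has already run with root's effective uid by the time the program refuses to continue. Moving the `if (is_setuid_root())` test to the first statements of `main()`, before any environment- or configuration-driven setup, would make the refusal cover that code as well. `main()` starts and ends outside the hunk.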